Class: AWS::S3::ACL::Grantee
- Includes:
- SelectiveAttributeProxy
- Defined in:
- lib/aws/s3/acl.rb
Overview
Grants bestow a access permission to grantees. Each grant of some access control list Policy is associated with a grantee. There are three ways of specifying a grantee at the time of this writing.
-
By canonical user - This format uses the
id
of a given Amazon account. The id value for a given account is available in the
Owner object of a bucket, object or policy.
grantee.id = 'bb2041a25975c3d4ce9775fe9e93e5b77a6a9fad97dc7e00686191f3790b13f1'
Often the id will just be fetched from some owner object.
grantee.id = some_object.owner.id
-
By amazon email address - You can specify an email address for any Amazon account. The Amazon account need not be signed up with the S3 service.
though it must be unique across the entire Amazon system. This email address is normalized into a canonical user representation once the grant has been sent back up to the S3 servers.
grantee.email_address = '[email protected]'
-
By group - As of this writing you can not create custom groups, but Amazon provides three group that you can use. See the documentation for the
Grantee.group= method for details.
grantee.group = 'Authenticated'
Defined Under Namespace
Classes: Builder
Instance Method Summary collapse
-
#group ⇒ Object
Returns the grantee’s group.
-
#group=(group_name) ⇒ Object
Sets the grantee’s group by name.
-
#initialize(attributes = {}) {|_self| ... } ⇒ Grantee
constructor
A new instance of Grantee.
-
#inspect ⇒ Object
:nodoc:.
-
#to_xml ⇒ Object
The xml representation of the current grantee object.
-
#type ⇒ Object
Returns the type of grantee.
-
#type_representation ⇒ Object
:nodoc:.
Methods included from SelectiveAttributeProxy
Constructor Details
#initialize(attributes = {}) {|_self| ... } ⇒ Grantee
Returns a new instance of Grantee.
390 391 392 393 394 395 396 397 |
# File 'lib/aws/s3/acl.rb', line 390 def initialize(attributes = {}) # Set default values for attributes that may not be passed in but we still want the object # to respond to attributes = {'id' => nil, 'display_name' => nil, 'email_address' => nil, 'uri' => nil}.merge(attributes) @attributes = attributes extract_type! yield self if block_given? end |
Instance Method Details
#group ⇒ Object
Returns the grantee’s group. If the grantee is not a group, nil
is returned.
434 435 436 437 |
# File 'lib/aws/s3/acl.rb', line 434 def group return unless uri uri[%r([^/]+$)] end |
#group=(group_name) ⇒ Object
Sets the grantee’s group by name.
grantee.group = 'AllUsers'
Currently, valid groups defined by S3 are:
-
AllUsers
: This group represents anyone. In other words, an anonymous request. -
Authenticated
: Any authenticated account on the S3 service. -
LogDelivery
: The entity that delivers bucket access logs.
428 429 430 431 |
# File 'lib/aws/s3/acl.rb', line 428 def group=(group_name) section = %w(AllUsers Authenticated).include?(group_name) ? 'global' : 's3' self.uri = "http://acs.amazonaws.com/groups/#{section}/#{group_name}" end |
#inspect ⇒ Object
:nodoc:
447 448 449 |
# File 'lib/aws/s3/acl.rb', line 447 def inspect #:nodoc: "#<%s:0x%s %s>" % [self.class, object_id, type_representation || '(type not set yet)'] end |
#to_xml ⇒ Object
The xml representation of the current grantee object.
400 401 402 |
# File 'lib/aws/s3/acl.rb', line 400 def to_xml Builder.new(self).to_s end |
#type ⇒ Object
Returns the type of grantee. Will be one of CanonicalUser
, AmazonCustomerByEmail
or Group
.
405 406 407 408 409 410 411 412 413 414 415 416 417 |
# File 'lib/aws/s3/acl.rb', line 405 def type return attributes['type'] if attributes['type'] # Lookups are in order of preference so if, for example, you set the uri but display_name and id are also # set, we'd rather go with the canonical representation. if display_name && id 'CanonicalUser' elsif email_address 'AmazonCustomerByEmail' elsif uri 'Group' end end |
#type_representation ⇒ Object
:nodoc:
439 440 441 442 443 444 445 |
# File 'lib/aws/s3/acl.rb', line 439 def type_representation #:nodoc: case type when 'CanonicalUser' then display_name || id when 'AmazonCustomerByEmail' then email_address when 'Group' then "#{group} Group" end end |